Red Hat Product Errata RHSA-2010:0002 - Security Advisory

Issued:: 2010-01-04
Updated:: 2010-01-04

RHSA-2010:0002 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: PyXML security update

Type/Severity

Security Advisory: Moderate

Topic

An updated PyXML package that fixes one security issue is now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

PyXML provides XML libraries for Python. The distribution contains a
validating XML parser, an implementation of the SAX and DOM programming
interfaces, and an interface to the Expat parser.

A buffer over-read flaw was found in the way PyXML's Expat parser handled
malformed UTF-8 sequences when processing XML files. A specially-crafted
XML file could cause Python applications using PyXML's Expat parser to
crash while parsing the file. (CVE-2009-3720)

This update makes PyXML use the system Expat library rather than its own
internal copy; therefore, users must install the RHSA-2009:1625 expat
update together with this PyXML update to resolve the CVE-2009-3720 issue.

All PyXML users should upgrade to this updated package, which changes PyXML
to use the system Expat library. After installing this update along with
RHSA-2009:1625, applications using the PyXML library must be restarted for
the update to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences

CVEs

CVE-2009-3720

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
PyXML-0.8.4-4.el5_4.2.src.rpm	SHA-256: 72260e2ccd67ee81c7adfc60950b11ea9eb80ec9160b284e24703125e35be482
x86_64
PyXML-0.8.4-4.el5_4.2.x86_64.rpm	SHA-256: 5224fba12267b873c59ce944f9308f878406f84ba10e1858ac4892a82f1a9110
ia64
PyXML-0.8.4-4.el5_4.2.ia64.rpm	SHA-256: 16f31aa788d8c2790de57d2b64ab4f7600dd5f763a87b0b824230d3f580970bc
i386
PyXML-0.8.4-4.el5_4.2.i386.rpm	SHA-256: 3408551035a428c30acf98426489998a6dbe2bb0f5051769dd4f00dc1b807eea

Red Hat Enterprise Linux Server 4

SRPM
PyXML-0.8.3-6.el4_8.2.src.rpm	SHA-256: b4d6a2c279d794eec096c23b6dac5dd404c29dab53fa98d0ea1632a8cd8ce78e
x86_64
PyXML-0.8.3-6.el4_8.2.x86_64.rpm	SHA-256: eeb960fadbaf42d3481e2b2bcce87b3fbde19403f0cd4a350939df5cc18a87d8
PyXML-0.8.3-6.el4_8.2.x86_64.rpm	SHA-256: eeb960fadbaf42d3481e2b2bcce87b3fbde19403f0cd4a350939df5cc18a87d8
ia64
PyXML-0.8.3-6.el4_8.2.ia64.rpm	SHA-256: 7f329844a18f5bc8e7a5afc4edbfe2725e55a8d7a17a66b5cade6dd84880a20a
PyXML-0.8.3-6.el4_8.2.ia64.rpm	SHA-256: 7f329844a18f5bc8e7a5afc4edbfe2725e55a8d7a17a66b5cade6dd84880a20a
i386
PyXML-0.8.3-6.el4_8.2.i386.rpm	SHA-256: 22d4bc301cfd4bbe27cdc98a299c4c2501f03936d4b449127dc73ae893bdf7cc
PyXML-0.8.3-6.el4_8.2.i386.rpm	SHA-256: 22d4bc301cfd4bbe27cdc98a299c4c2501f03936d4b449127dc73ae893bdf7cc

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8

SRPM
PyXML-0.8.3-6.el4_8.2.src.rpm	SHA-256: b4d6a2c279d794eec096c23b6dac5dd404c29dab53fa98d0ea1632a8cd8ce78e
x86_64
PyXML-0.8.3-6.el4_8.2.x86_64.rpm	SHA-256: eeb960fadbaf42d3481e2b2bcce87b3fbde19403f0cd4a350939df5cc18a87d8
PyXML-0.8.3-6.el4_8.2.x86_64.rpm	SHA-256: eeb960fadbaf42d3481e2b2bcce87b3fbde19403f0cd4a350939df5cc18a87d8
ia64
PyXML-0.8.3-6.el4_8.2.ia64.rpm	SHA-256: 7f329844a18f5bc8e7a5afc4edbfe2725e55a8d7a17a66b5cade6dd84880a20a
PyXML-0.8.3-6.el4_8.2.ia64.rpm	SHA-256: 7f329844a18f5bc8e7a5afc4edbfe2725e55a8d7a17a66b5cade6dd84880a20a
i386
PyXML-0.8.3-6.el4_8.2.i386.rpm	SHA-256: 22d4bc301cfd4bbe27cdc98a299c4c2501f03936d4b449127dc73ae893bdf7cc
PyXML-0.8.3-6.el4_8.2.i386.rpm	SHA-256: 22d4bc301cfd4bbe27cdc98a299c4c2501f03936d4b449127dc73ae893bdf7cc

Red Hat Enterprise Linux Workstation 5

SRPM
PyXML-0.8.4-4.el5_4.2.src.rpm	SHA-256: 72260e2ccd67ee81c7adfc60950b11ea9eb80ec9160b284e24703125e35be482
x86_64
PyXML-0.8.4-4.el5_4.2.x86_64.rpm	SHA-256: 5224fba12267b873c59ce944f9308f878406f84ba10e1858ac4892a82f1a9110
i386
PyXML-0.8.4-4.el5_4.2.i386.rpm	SHA-256: 3408551035a428c30acf98426489998a6dbe2bb0f5051769dd4f00dc1b807eea

Red Hat Enterprise Linux Workstation 4

SRPM
PyXML-0.8.3-6.el4_8.2.src.rpm	SHA-256: b4d6a2c279d794eec096c23b6dac5dd404c29dab53fa98d0ea1632a8cd8ce78e
x86_64
PyXML-0.8.3-6.el4_8.2.x86_64.rpm	SHA-256: eeb960fadbaf42d3481e2b2bcce87b3fbde19403f0cd4a350939df5cc18a87d8
ia64
PyXML-0.8.3-6.el4_8.2.ia64.rpm	SHA-256: 7f329844a18f5bc8e7a5afc4edbfe2725e55a8d7a17a66b5cade6dd84880a20a
i386
PyXML-0.8.3-6.el4_8.2.i386.rpm	SHA-256: 22d4bc301cfd4bbe27cdc98a299c4c2501f03936d4b449127dc73ae893bdf7cc

Red Hat Enterprise Linux Desktop 5

SRPM
PyXML-0.8.4-4.el5_4.2.src.rpm	SHA-256: 72260e2ccd67ee81c7adfc60950b11ea9eb80ec9160b284e24703125e35be482
x86_64
PyXML-0.8.4-4.el5_4.2.x86_64.rpm	SHA-256: 5224fba12267b873c59ce944f9308f878406f84ba10e1858ac4892a82f1a9110
i386
PyXML-0.8.4-4.el5_4.2.i386.rpm	SHA-256: 3408551035a428c30acf98426489998a6dbe2bb0f5051769dd4f00dc1b807eea

Red Hat Enterprise Linux Desktop 4

SRPM
PyXML-0.8.3-6.el4_8.2.src.rpm	SHA-256: b4d6a2c279d794eec096c23b6dac5dd404c29dab53fa98d0ea1632a8cd8ce78e
x86_64
PyXML-0.8.3-6.el4_8.2.x86_64.rpm	SHA-256: eeb960fadbaf42d3481e2b2bcce87b3fbde19403f0cd4a350939df5cc18a87d8
i386
PyXML-0.8.3-6.el4_8.2.i386.rpm	SHA-256: 22d4bc301cfd4bbe27cdc98a299c4c2501f03936d4b449127dc73ae893bdf7cc

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
PyXML-0.8.4-4.el5_4.2.src.rpm	SHA-256: 72260e2ccd67ee81c7adfc60950b11ea9eb80ec9160b284e24703125e35be482
s390x
PyXML-0.8.4-4.el5_4.2.s390x.rpm	SHA-256: 5084272a254282002bf264799b37383d5a96a9e320e1cf0ce905baa7bf5ba819

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
PyXML-0.8.3-6.el4_8.2.src.rpm	SHA-256: b4d6a2c279d794eec096c23b6dac5dd404c29dab53fa98d0ea1632a8cd8ce78e
s390x
PyXML-0.8.3-6.el4_8.2.s390x.rpm	SHA-256: 417ed9a4ecd34a774c57c206923ac98d649eaf83ecde58ccac82b1c7a72e23b8
s390
PyXML-0.8.3-6.el4_8.2.s390.rpm	SHA-256: 0821a1ee82567c795b3e5bc500228844aee19c2af8f68d5a978729ada3d51c05

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4

SRPM
s390x

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
PyXML-0.8.3-6.el4_8.2.src.rpm	SHA-256: b4d6a2c279d794eec096c23b6dac5dd404c29dab53fa98d0ea1632a8cd8ce78e
s390x
PyXML-0.8.3-6.el4_8.2.s390x.rpm	SHA-256: 417ed9a4ecd34a774c57c206923ac98d649eaf83ecde58ccac82b1c7a72e23b8
s390
PyXML-0.8.3-6.el4_8.2.s390.rpm	SHA-256: 0821a1ee82567c795b3e5bc500228844aee19c2af8f68d5a978729ada3d51c05

Red Hat Enterprise Linux for Power, big endian 5

SRPM
PyXML-0.8.4-4.el5_4.2.src.rpm	SHA-256: 72260e2ccd67ee81c7adfc60950b11ea9eb80ec9160b284e24703125e35be482
ppc
PyXML-0.8.4-4.el5_4.2.ppc.rpm	SHA-256: 106d4fcad879609648f32d0b92af9d1fcf05f2f0bd79eea7e47a0f4ae59b1397

Red Hat Enterprise Linux for Power, big endian 4

SRPM
PyXML-0.8.3-6.el4_8.2.src.rpm	SHA-256: b4d6a2c279d794eec096c23b6dac5dd404c29dab53fa98d0ea1632a8cd8ce78e
ppc
PyXML-0.8.3-6.el4_8.2.ppc.rpm	SHA-256: 27f8d7bdfc359b16115aa3f7f1d74b42c76eb4e3003d4bb54249a129f5b3bae9

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
PyXML-0.8.3-6.el4_8.2.src.rpm	SHA-256: b4d6a2c279d794eec096c23b6dac5dd404c29dab53fa98d0ea1632a8cd8ce78e
ppc
PyXML-0.8.3-6.el4_8.2.ppc.rpm	SHA-256: 27f8d7bdfc359b16115aa3f7f1d74b42c76eb4e3003d4bb54249a129f5b3bae9

Red Hat Enterprise Linux Server from RHUI 5

SRPM
PyXML-0.8.4-4.el5_4.2.src.rpm	SHA-256: 72260e2ccd67ee81c7adfc60950b11ea9eb80ec9160b284e24703125e35be482
x86_64
PyXML-0.8.4-4.el5_4.2.x86_64.rpm	SHA-256: 5224fba12267b873c59ce944f9308f878406f84ba10e1858ac4892a82f1a9110
i386
PyXML-0.8.4-4.el5_4.2.i386.rpm	SHA-256: 3408551035a428c30acf98426489998a6dbe2bb0f5051769dd4f00dc1b807eea

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.